ezyang/htmlpurifier
Standards compliant HTML filter written in PHP
Requires
- php: ~5.6.0 || ~7.0.0 || ~7.1.0 || ~7.2.0 || ~7.3.0 || ~7.4.0 || ~8.0.0 || ~8.1.0 || ~8.2.0 || ~8.3.0 || ~8.4.0 || ~8.5.0
Requires (Dev)
- cerdic/css-tidy: ^1.7 || ^2.0
- simpletest/simpletest: dev-master
Suggests
- ext-bcmath: Used for unit conversion and imagecrash protection
- ext-iconv: Converts text to and from non-UTF-8 encodings
- ext-tidy: Used for pretty-printing HTML
- cerdic/css-tidy: If you want to use the filter 'Filter.ExtractStyleBlocks'.
Provides
None
Conflicts
None
Replaces
None
LGPL-2.1-or-later b287d2a16aceffbf6e0295559b39662612b77fcf
- Edward Z. Yang <admin.woop@htmlpurifier.org>
This package is auto-updated.
Last update: 2026-06-17 18:02:30 UTC
README
HTML Purifier is an HTML filtering solution that uses a unique combination of robust whitelists and aggressive parsing to ensure that not only are XSS attacks thwarted, but the resulting HTML is standards compliant.
HTML Purifier is oriented towards richly formatted documents from untrusted sources that require CSS and a full tag-set. This library can be configured to accept a more restrictive set of tags, but it won't be as efficient as more bare-bones parsers. It will, however, do the job right, which may be more important.
Places to go:
- See INSTALL for a quick installation guide
- See docs/ for developer-oriented documentation, code examples and an in-depth installation guide.
- See WYSIWYG for information on editors like TinyMCE and FCKeditor
HTML Purifier can be found on the web at: http://htmlpurifier.org/
Installation
Package available on Composer.
If you're using Composer to manage dependencies, you can use
$ composer require ezyang/htmlpurifier